Saturday, June 9, 2012

Has everyone changed their LinkedIn password?

LinkedIn was hacked and over 6 million password hashes got stolen.
If that wasn't bad enough, the hashes weren't salted, and to make it all worse, the hashes are out on the net.

The story got out on June 6, 2012, when a user with alias "dwdm" asked for help from InsidePro forum members to crack over 6.4 million passwords from LinkedIn.
Copies of the list were duplicated to several file sharing sites and can be easily found.

Some of the hashes may have already been cracked by the original poster or by other hackers. I strongly recommend changing your passwords.

Follow LinkedIn's updates on the issue on their blog: http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

You can check if your password was on the list on this site: http://dazzlepod.com/linkedin/
Be careful :-)

You can also download the full password list from Dropbox, thanks to HackTalk: https://www.dropbox.com/s/mfd4h4oylp3691a/linkedin.com.zip

A few lessons can be had:
  1. Nothing is secure on the net. Not even on sites like LinkedIn.
  2. When designing a database that holds passwords, if you're using a standard hash, at least add a salt.
  3. If you stole a bunch of passwords and would like them to remain relevant, don't ask for help cracking SHA-1 on the web!!!
If you want to crack the SHA list for yourself, use http://hashcat.net/hashcat/
Post requests if you want me to post a tutorial.
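
Lesson 2 in code, as an added example that is not part of the original post: the unsalted SHA-1 scheme next to a per-user salted one. It goes one step beyond "just add salt" by using PBKDF2 from Python's standard library, so each guess is also slow; the function names, iteration count and sample accounts are assumptions made up for this illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def unsalted_sha1(password: str) -> str:
    """The weak scheme the post describes: one bare SHA-1 per password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return 'iterations$salt_hex$digest_hex' using a per-user random salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(candidate, expected)


def shared_digests(table: dict[str, str]) -> dict[str, list[str]]:
    """Group users whose stored value is identical, as anyone holding a leak can."""
    groups: dict[str, list[str]] = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}


# Constructed sample accounts (not real data): two users share a password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}

if __name__ == "__main__":
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: hash_password(p) for u, p in USERS.items()}
    print("unsalted duplicates:", shared_digests(weak))    # alice and bob collide
    print("salted duplicates:  ", shared_digests(strong))  # empty
    print("verify alice:", verify_password("linkedin2012", strong["alice"]))
```

With unsalted hashes, one recovered password unlocks every account that shares its digest; with a per-user salt, each record has to be attacked on its own.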
